Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Click here to return to the 'Automate reverse VNC connection using Vine Sever' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Automate reverse VNC connection using Vine Sever
Authored by: AaronAdams on Dec 29, '10 08:18:53AM

Let's be more accurate: NAT firewalls that don't support UPnP or NAT-PMP may prevent iChat screen sharing from working. For example, all AirPorts and Time Capsules can act as NAT firewalls, but iChat works just fine through them because they have NAT-PMP. So a NAT firewall doesn't necessarily preclude you from using iChat.

There are NAT firewalls that don't support NAT-PMP or UPnP. Mine is one of them, so instead, I have to use port triggering. Set up your firewall to trigger TCP ports 16384-16403, incoming and outgoing, and iChat screen sharing (as well as audio and video) work perfectly.

[ Reply to This | # ]
Automate reverse VNC connection using Vine Sever
Authored by: SOX on Dec 30, '10 08:03:58AM

Thanks but not very clear. Truthfully, I've always been somewhat mystified on this sort of unpnp stuff on firewalls. please explain. I dont' understand what it is trying to do.

port triggers and other firewall settings are usually a non-starter. First, in many case people can't access their modems or firewalls to set these up. (e.g. in a shared facility). Second, it's impossible to set these up remotely the first time! and third, trying to edit these remotely is perilous. you can easily make a change that prevents you from connecting back.

as for port triggers I've never had good luck with those. In the case of VNC or ssh inbound I don't even see how a port trigger would work. There is no outbound to trigger the port. For ichat there are some outbound connections to the status server and I had set these up for ichat's outbound connections you trigger the inbound port ranged and never got the expected inbound ones to work.

[ Reply to This | # ]
Automate reverse VNC connection using Vine Sever
Authored by: AaronAdams on Jan 04, '11 10:42:51AM

It's very clear: NAT routers with NAT-PMP or UPnP enable you to use iChat for screen sharing.

NAT-PMP and UPnP originate at the host and tell the firewall to listen for traffic on a specific port, and when that traffic arrives, forward it to the host. It's a dynamic way of opening ports as needed for specific services at the time they are used. Think of it as automated port forwarding.

Port triggers are a little different. Port triggers are configured at the firewall, and when a host behind the firewall sends outgoing traffic on a specific port, the firewall knows to listen for a response back on another specific port or port range and to forward that traffic back to the originating host.

I see that the article has been changed to attempt to negate my original point, but I want to state that reverse VNC via Vine Server isn't absolutely necessary behind all NAT firewalls, and that includes Apple's own AirPort base stations. iChat works fine through them.

There's nothing hard about configuring a firewall for NAT-PMP/UPnP if it supports it. Port triggering works exactly as I stated above when configured correctly. Both of these things can be done remotely and are hardly perilous if you're competent.

[ Reply to This | # ]